RANSOMWARE vs. OVERSEAS MSPs

Managed Service Providers can be both a bane of existence, and a financial godsend.

On one hand, an overseas based MSP can save an organization a substantial amount of budget spending. Being overseas, and often in 3rd world, or near 3rd world, countries, the minimum wage is significantly lower than the $10.00 to $16.00 an hour here in metropolitan cities of the United States. The lower minimum wage is then passed on as savings to the companies paying to use their services in countries like The United Kingdom, Italy, Norway, Canada and the United States – to name a few.

The financial burden difference can be vast. In India, the minimum wage in many places is 160 rupees, which is roughly $2.40 (USD) per day (reference: https://www.minimum-wage.org/international/india ). Compare .30 cents an hour to even $7.25 an hour – which is the U.S. Federal minimum wage.

Skilled labor does increase the expected minimum wage of a systems administration, network engineer or software programmer. Most of these skills were introduced to countries like India through initiatives from companies like Microsoft and Cisco – providing training at nearly $0.00 cost to the citizens and residents of those countries. It is not unheard of to have a technology company in India that has more than even 3 CCIE’s for a company that does less than $1M in sales annually.

So – we have a VERY inexpensive workforce able to deploy to our information technology needs with sometimes far more technical skills, education and certifications – than most areas in the U.S. are even able to attain for twice what you pay the overseas MSP. Financially, we can see how lucrative relationships with overseas IT providers can be…. no, it financially IS lucrative!

About a year ago I listened to a podcast by Jack Rhysider ( https://DarkNetDiaries.com ) that talked about a European based telecommunications company – and what happened when 1 employee of their overseas contracted MSP – decided to sell the data he was able to attain. I highly recommend listening to that podcast! In the end, the telecommunications company was forced to close its doors for good – and the MSP is still a very well-known overseas MSP, still in business…. in fact, it is still ranked in the top 10 of overseas MSPs globally.

So…. how does this connect to Ransomware?

Overseas companies have no legally binding obligation to provide anything…. including a safe (from information security threats) work practice.

Yeah…and?

If one, or more, employee(s) of the overseas MSP is found to be negligent with, or intentionally, malicious actions on YOUR network, YOUR workstations, YOUR firewalls…. you have very little, if any at all, recourse legally.

Other factors include that when the company who employs the overseas MSP – policies may be strongly urged to be upheld. Sound great, right? You will simply charge them an arm and a leg if they break a rule…violate a policy. Well, if that overseas MSP decides (with all the DA accounts) to simply stop supporting your organization – you are stuck.

Hopefully this article is not too obfuscated as it pertains to malicious/negligent IT professionals being able to click on links in emails, browsers while on a workstation (or server) on YOUR network – or using a simple script found on Google or DuckDuckGo to solve an error that was shared in a forum on some ‘site . xyz . nl’.

If you had 0 obligation to pull over for law enforcement – how many would actually pull over for them?

Let me know your thoughts in the comments below!